SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability

(CVE-2023-35186)

Summary

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

Affected Products

SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

SolarWinds ARM 2023.2.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-35186

First Published

10/18/2023

Last Updated

10/18/2023

Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:8.0AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H